[SimplifyCFG] Check alignment when speculating stores

nikic · nikic · commit 883887493c88 · 2024-04-23T12:39:35.000+09:00
When speculating a store based on a preceding load/store, we need to ensure that the speculated store does not have a higher alignment (which might only be guaranteed by the branch condition). There are various ways in which this could be strengthened (we could get or enforce the alignment), but for now just do the simple check against the preceding load/store. Fixes #89672.
diff --git a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp
@@ -2888,15 +2888,16 @@ static Value *isSafeToSpeculateStore(Instruction *I, BasicBlock *BrBB,
       // simple, to avoid introducing a spurious non-atomic write after an
       // atomic write.
       if (SI->getPointerOperand() == StorePtr &&
-          SI->getValueOperand()->getType() == StoreTy && SI->isSimple())
+          SI->getValueOperand()->getType() == StoreTy && SI->isSimple() &&
+          SI->getAlign() >= StoreToHoist->getAlign())
         // Found the previous store, return its value operand.
         return SI->getValueOperand();
       return nullptr; // Unknown store.
     }
 
     if (auto *LI = dyn_cast<LoadInst>(&CurI)) {
       if (LI->getPointerOperand() == StorePtr && LI->getType() == StoreTy &&
-          LI->isSimple()) {
+          LI->isSimple() && LI->getAlign() >= StoreToHoist->getAlign()) {
         // Local objects (created by an `alloca` instruction) are always
         // writable, so once we are past a read from a location it is valid to
         // also write to that same location.
diff --git a/llvm/test/Transforms/SimplifyCFG/speculate-store.ll b/llvm/test/Transforms/SimplifyCFG/speculate-store.ll
@@ -240,14 +240,16 @@ if.end:
   ret i32 %add
 }
 
-; FIXME: This is a miscompile.
 define void @wrong_align_store(ptr %A, i32 %B, i32 %C, i32 %D) {
 ; CHECK-LABEL: @wrong_align_store(
 ; CHECK-NEXT:  entry:
 ; CHECK-NEXT:    store i32 [[B:%.*]], ptr [[A:%.*]], align 4
 ; CHECK-NEXT:    [[CMP:%.*]] = icmp sgt i32 [[D:%.*]], 42
-; CHECK-NEXT:    [[SPEC_STORE_SELECT:%.*]] = select i1 [[CMP]], i32 [[C:%.*]], i32 [[B]]
-; CHECK-NEXT:    store i32 [[SPEC_STORE_SELECT]], ptr [[A]], align 8
+; CHECK-NEXT:    br i1 [[CMP]], label [[IF_THEN:%.*]], label [[RET_END:%.*]]
+; CHECK:       if.then:
+; CHECK-NEXT:    store i32 [[C:%.*]], ptr [[A]], align 8
+; CHECK-NEXT:    br label [[RET_END]]
+; CHECK:       ret.end:
 ; CHECK-NEXT:    ret void
 ;
 entry:
@@ -263,15 +265,17 @@ ret.end:
   ret void
 }
 
-; FIXME: This is a miscompile.
 define void @wrong_align_load(i32 %C, i32 %D) {
 ; CHECK-LABEL: @wrong_align_load(
 ; CHECK-NEXT:  entry:
 ; CHECK-NEXT:    [[A:%.*]] = alloca i32, align 4
 ; CHECK-NEXT:    [[TMP0:%.*]] = load i32, ptr [[A]], align 4
 ; CHECK-NEXT:    [[CMP:%.*]] = icmp sgt i32 [[D:%.*]], 42
-; CHECK-NEXT:    [[SPEC_STORE_SELECT:%.*]] = select i1 [[CMP]], i32 [[C:%.*]], i32 [[TMP0]]
-; CHECK-NEXT:    store i32 [[SPEC_STORE_SELECT]], ptr [[A]], align 8
+; CHECK-NEXT:    br i1 [[CMP]], label [[IF_THEN:%.*]], label [[RET_END:%.*]]
+; CHECK:       if.then:
+; CHECK-NEXT:    store i32 [[C:%.*]], ptr [[A]], align 8
+; CHECK-NEXT:    br label [[RET_END]]
+; CHECK:       ret.end:
 ; CHECK-NEXT:    ret void
 ;
 entry:
